The General Data Protection Regulation 2016/679 (EU), known as the "GDPR", together with the national Law 4624/2019 and the Guidelines, Decisions and Opinions of the Data Protection Authority, form the legal framework with which every company that collects and processes personal data in the course of its business activities must comply.
"Personal Data" means any information relating to an identified or identifiable natural person: for example, the first name, last name, home address, age, occupation, Tax ID, etc. of a natural person. Businesses typically collect personal data of their clients, associates and employees.
"Sensitive Personal Data" (the GDPR's "special categories of personal data") means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, and data concerning a natural person's sex life or sexual orientation.
The data protection legislation introduces new and increased requirements and obligations for companies and organizations. Compliance is a matter of paramount importance: a violation may lead to administrative fines of up to 10 or 20 million euros or, in the case of an undertaking, up to 2% or 4% of its total worldwide annual turnover, whichever is higher (depending on the gravity of the violation), as well as criminal sanctions, damages and litigation, with consequent harm to the company's reputation and loss of the public's trust that its personal data is processed lawfully and securely.
Data protection legislation applies to any undertaking or body, public or private, that either maintains an establishment within the European Union (EU), or processes the personal data of data subjects who are in the Union in connection with offering them goods or services or monitoring their behaviour.
DPO Service Description
The appointment of a Data Protection Officer (DPO) is a cornerstone of ensuring continued compliance with data protection legislation. The DPO has a leading role in privacy and personal data protection matters, offering his/her services both remotely and through on-site visits to the client's premises. In particular, according to Article 39 of the GDPR, the DPO:
- informs and advises the Client, whether acting as a Data Controller or as a Data Processor, and its employees of their obligations under the data protection legislation,
- monitors the Client's compliance with the data protection legislation and with the internal Policies and Procedures on the protection of personal data, including the assignment of responsibilities, the awareness raising and training of employees involved in processing operations, and the related audits,
- provides advice, where requested, on the data protection impact assessment and monitors its performance,
- cooperates with the Data Protection Authority,
- acts as the contact point for the Data Protection Authority on issues relating to processing, including the prior consultation referred to in Article 36 of the GDPR, and consults, where appropriate, on any other matter,
- monitors ongoing legal and regulatory developments in the field of data protection and reports to the Client's management on its continued compliance and on applicable best practices.
DPO Designation: When It Is Mandatory
According to the General Data Protection Regulation 2016/679 (EU), certain bodies are obliged to appoint a Data Protection Officer (DPO). These are:
- Public authorities or bodies, except for courts acting in their judicial capacity,
- Organizations whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale,
- Organizations whose core activities consist of large-scale processing of sensitive personal data or of data relating to criminal convictions and offences.
The DPO is appointed on the basis of professional qualities, and in particular expert knowledge of data protection law and practices, as well as the ability to fulfil his/her duties.
Revival's DPO service ensures consistent compliance with the data protection legislation while the Client remains focused on its core business activities. In addition to maintaining GDPR compliance, the DPO service contributes to increased security and productivity, better risk management and cost benefits.
A piecemeal implementation of technical and organizational measures for the protection of personal data is ineffective unless it is accompanied by constant supervision of their proper application and by regular updating of the procedures, which is the task of the Data Protection Officer (DPO). The services of a well-trained DPO therefore offer high added value to any business, whether the appointment is mandatory or a voluntary decision.
Revival’s Competitive Advantage
Revival's DPO service is provided by a team of trained and experienced executives, characterized by:
- Excellent knowledge of the existing legal framework for the protection of personal data, and of the GDPR in particular,
- Information security knowledge and skills,
- Knowledge of the implementation of the Confidentiality, Integrity and Availability triad,
- Excellent understanding of risk management and risk assessments,
- Excellent understanding of compliance standards,
- Ability to coordinate the handling of personal data breaches and their notification to the supervisory authority (Data Protection Authority) within the 72-hour window set by Article 33 of the GDPR,
- Ability to coordinate the security incident response process,
- Immediate response to Clients' requests and questions,
- Continuous monitoring of the evolving scientific discussion on personal data protection issues at national and international level,
- Experience in providing DPO services to clients in both the private and the public sector.